httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Gerhardus.Geldenh...@gta-travel.com>
Subject [users@httpd] RequesHeader directive not adding directive
Date Mon, 09 Feb 2009 17:24:18 GMT
Hi
We have a forum site that is behind a load balancer and the site relies
on ip addresses to detect failed logins. This does not work because the
loadbalancer changes the source ip address to that of itself.

our load balancer(f5) adds the original ip as x-forwarded-for http
header.

However the third party software that we use don't pick up this header. 

Here is the relevant line(I think anyway, the function is called
fetch_alt_ip) from the software:
else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND
preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',
$_SERVER['HTTP_X_FORWARDED_FOR'], $matches))

Sidenote:
If I have to change the code the following works by editing the fetch_ip
function from:
return $_SERVER['REMOTE_ADDR'];
to 
return (getenv(HTTP_X_FORWARDED_FOR))
? getenv(HTTP_X_FORWARDED_FOR)
: getenv(REMOTE_ADDR);

I have changed the HTTP_X_FORWARDED_FOR to x-forwarded-for in lower and
upper case but the software still did not pick it up.

However I am not keen on changing the source code as that complicates
matters when you upgrade and someone might forget to change the source
code again or not read the documentation

After a bit of googling I thought I would give RequestHeader a go and
wrote the following:

RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"

However the forum software does not pick this up and nor do I see the
value in my log file:
LogFormat "xforwarded:%{x-forwarded-for}i
rlnclient:%{rlnclientipaddr}i   forumsoftware:%{HTTP_X_FORWARDED_FOR}i
vanilla: %h" gg2

This is a typical log entry:
xforwarded:10.241.115.240   rlnclient:10.241.115.240
forumsoftware:(null)   vanilla: 10.200.11.43

Am I using request header wrong or doing something else stupid?

Regards


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message